Re: Computer object is a container? User properties has delegation




Thanks for the info. We use this domain controller to control VPN access and
routes accordingly. We have a Linksys router that allows VPN pass-through. It
just seems that the user cannot access any services. This user has "Allow
Access" for Remote access permission. The user is an admin on the network. He
is the only one having problems. I am the primary Network Administrator and
other users on this network have none of these problems. So the problem, I am
assuming, lies within the user's AD profile and permissions. Again, keep in
mind this user has administrative permission. This user could not access
OWA this morning either. I AM SO LOST.

"Al Mulnick" wrote:

Roughly, "A server process that is running on a computer (or under a user
context) that is trusted for delegation can access resources on another
computer by using a client computer's delegated credentials"

Terminal services access is controlled via a different tab on the user
security principal object. VPN - totally depends on how you have that setup.

Something to try, if you think it's the machine - have him try the services
from a known good workstation. Isolate the issue before you solve it so to
speak.

Something else to consider - a second domain controller. Unless this is
SBS, you may want that second domain controller to be online when the
hardware on your first fails.


Al


"Chris_GLD" <ChrisGLD@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D599CB18-8A4F-446F-900F-C379D125FEED@xxxxxxxxxxxxxxxx
Well, here is my scenario.

First of all, I am running Windows Server 2003; this server is my only
domain controller. I have a computer in Active Directory that I just deleted.
When I select delete from AD on the computer, it asked me if I was sure
because the object in Active Directory is actually a container that contains
objects. So I go into ADSIEdit to view the object and it is CN=msmq (MS
Message Queueing). I deleted the object and all is good with the world. Now
the user of that computer got a new computer with a new computer name. This
user we will call Pete; Pete has a Delegation tab and is having trouble with
Terminal Services, VPN access, Remote Web Workplace, ALL SERVICES SEEM TO BE
DENIED TO THE USER. The Delegation tab contains the following:

Delegation is a security-sensitive operation, which allows services to act
on behalf of another user.

Choices
- Do not trust this user for delegation
- Trust this user for delegation to any service (Kerberos only) (This one is
selected)
- Trust this user for delegation to specified services


If I choose the last choice and then add Pete to the user list. It has
MSSQLSvc port 1433 added with the user information.

Can someone please explain all this to me and maybe how to get rid of this
delegation tab? If you need more info let me know. Sorry for the lengthy
post.

Thanks,
Chris
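
Added example, not part of the original thread: a PowerShell sketch that maps the directory attributes of an account onto the three Delegation tab choices quoted above, and flags user accounts trusted for delegation to any service. The tab is shown on a user account only when the account has a servicePrincipalName registered. The function name Get-DelegationState and the sample records (including the host name) are constructed for illustration; the flag values are the documented userAccountControl bits.

```powershell
# userAccountControl bits (documented Active Directory flag values).
$TRUSTED_FOR_DELEGATION         = 0x80000    # "any service (Kerberos only)"
$TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000  # specified services, any authentication protocol

# Hypothetical helper: classifies one account object by its delegation attributes.
function Get-DelegationState {
    param([Parameter(Mandatory, ValueFromPipeline)] $Account)
    process {
        $uac  = [int]$Account.userAccountControl
        $spns = @($Account.servicePrincipalName | Where-Object { $_ })
        $to   = @($Account.'msDS-AllowedToDelegateTo' | Where-Object { $_ })

        if ($uac -band $TRUSTED_FOR_DELEGATION) {
            $setting = 'Trust for delegation to any service (Kerberos only)'
        } elseif ($to.Count -gt 0) {
            $setting = 'Trust for delegation to specified services'
        } else {
            $setting = 'Do not trust for delegation'
        }

        [pscustomobject]@{
            Name             = $Account.sAMAccountName
            HasDelegationTab = $spns.Count -gt 0   # user accounts show the tab only with an SPN
            Setting          = $setting
            DelegatesTo      = $to -join '; '
            AnyProtocol      = [bool]($uac -band $TRUSTED_TO_AUTH_FOR_DELEGATION)
            Review           = [bool]($uac -band $TRUSTED_FOR_DELEGATION)  # unconstrained delegation
        }
    }
}

# Constructed sample records (0x200 = normal account); not data from the thread.
$sample = @(
    [pscustomobject]@{ sAMAccountName = 'pete'; userAccountControl = 0x80200
        servicePrincipalName = @('MSSQLSvc/sqlhost.example.test:1433'); 'msDS-AllowedToDelegateTo' = @() }
    [pscustomobject]@{ sAMAccountName = 'svc-web'; userAccountControl = 0x200
        servicePrincipalName = @('HTTP/web.example.test')
        'msDS-AllowedToDelegateTo' = @('MSSQLSvc/sqlhost.example.test:1433') }
    [pscustomobject]@{ sAMAccountName = 'alice'; userAccountControl = 0x200
        servicePrincipalName = @(); 'msDS-AllowedToDelegateTo' = @() }
)
$sample | Get-DelegationState | Format-Table -AutoSize

# Live input, assuming the ActiveDirectory module is available on the management host:
# Get-ADUser -Filter * -Properties userAccountControl,servicePrincipalName,msDS-AllowedToDelegateTo |
#     Get-DelegationState | Where-Object Review
```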


